NSA report indicates Russian cyberattack against U.S. voting software vendor last August

By Rebecca Shabad

Updated on: June 5, 2017 / 8:55 PM
/ CBS News

NSA report on Russian hacking

Russian government hackers carried out a cyberattack against one U.S. voting software vendor last August and launched a spear-phishing attack targeting local U.S. organizations days before the 2016 U.S. election, according to a highly classified report within the National Security Agency.

CBS News confirmed the authenticity of the report Monday after the 5-page document was published by The Intercept. Sections of the report have been redacted by U.S. intelligence, CBS News' Jeff Pegues reports, and the Office of the Director of National Intelligence has declined to comment on it.

One of the four authors who wrote The Intercept's story about the NSA report tweeted that nothing in the report indicated that "the actual voting machines or vote tabulations were compromised" in November's election. Former DNI James Clapper, who left his post before President Trump's inauguration, has repeatedly said that there was no evidence that Russia changed any vote tallies in the U.S. election.

The report itself doesn't offer raw intelligence, The Intercept said, but analyzes intelligence the NSA recently acquired. The report is dated May 5, and one part says it was based on information that became available in April.

Russian government hackers within the country's intelligence service masqueraded as an e-voting vendor in an email to trick local U.S. government employees into opening documents that were "invisibly tainted with potent malware," The Intercept reports. Late last August, the report says that these hackers sent emails that seemed to be from Google to workers at an election software company in the U.S., the report said. The Intercept pointed out that while the company wasn't directly named, the NSA's report referenced the company VR Systems several times. Its products are used in eight states: California, Florida, Illinois, Indiana, New York, North Carolina, Virginia, and West Virginia. The NSA found that there were seven "potential victims" at the unnamed company and at least one person's account was likely compromised.

In late October, the hackers set up a Gmail account that appeared to be from an employee at VR Systems and launched a spear-phishing attack in the days following against local government organizations, The Intercept reports.

"It is unknown whether the aforementioned spear-phishing deployment successfully compromised the intended victims, and what potential data could have been accessed by the cyber actor," the NSA's report says.

The report's summary also noted two other hacking operations in which another email address was created to "potentially used to offer election-related products and services, presumably to U.S.-based targets." The hackers also "sent test emails to two non-existent accounts ostensibly associated with absentee balloting, presumably with the purpose of creating those accounts to mimic legitimate services." The test emails appeared to be sent to accounts that appeared to be associated with American Samoa's Election Office.